
Thread: Some help with redirects, a pop-up, & a corrupted hosts file?

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    21

    Some help with redirects, a pop-up, & a corrupted hosts file?

    Hey guys,
    I've been digging around trying to fix this redirection issue for a while, fruitlessly trying to edit/delete/rename the hosts file, and now recently some pop-ups have been occurring in the bottom-right of my browser.
    It seems you guys have successfully solved very similar issues for other users in the past, so I'm hoping you can shed some light on this for me. :)
    The contents of DDS.txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Run by User at 21:16:45 on 2012-07-30
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8109.6779 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\TEMP\FP_AX_CAB_INSTALLER.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:63475
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
    TCP: Interfaces\{E9BBE345-E75A-482D-B4C0-7AD3A469C10B} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E9BBE345-E75A-482D-B4C0-7AD3A469C10B} : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    Hosts: 188.119.151.113 www.google-analytics.com.
    Hosts: 188.119.151.113 ad-emea.doubleclick.net.
    Hosts: 188.119.151.113 www.statcounter.com.
    Hosts: 69.72.252.254 www.google-analytics.com.
    Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3ch0u0t8.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 63475
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2012-2-27 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
    S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-31 01:36:22 -------- d-----w- C:\_OTL
    2012-07-26 05:48:08 -------- d-----w- C:\Program Files (x86)\MSECache
    .
    ==================== Find3M ====================
    .
    2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-30 06:04:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-30 06:04:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-05-24 16:57:50 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
    .
    ============= FINISH: 21:16:57.86 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR


    You do have some hosts file issues, let's check further

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
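The "hosts file issues" referred to above are visible in the DDS and OTL logs in this thread: tracker and analytics hostnames mapped to public IP addresses instead of loopback, plus a loopback HTTP proxy on a high ephemeral port in the IE and Firefox settings. As an added illustration (not code from the thread, from DDS/OTL, or from their authors), the following script parses log lines in that format and flags the two patterns a defender would look for. The rules and thresholds are assumptions of this example, and the sample lines are constructed from the log values quoted in the thread.

```python
import re
import ipaddress
from dataclasses import dataclass

# Constructed sample in the style of the DDS / OTL lines posted in this thread.
SAMPLE_LOG = r"""
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
uInternet Settings,ProxyServer = http=127.0.0.1:63475
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js: network.proxy.http_port - 63475
FF - prefs.js: network.proxy.type - 0
"""

# Both DDS ("Hosts:") and OTL ("O1 - Hosts:") spellings of a hosts entry.
HOSTS_RE = re.compile(r"^(?:O1 - )?Hosts:\s+(\S+)\s+(\S+)\s*$")
# Registry-style ProxyServer lines, with or without the http= prefix.
PROXY_RE = re.compile(r'ProxyServer["\s]*=\s*(?:http=)?([\d.]+):(\d+)')
# Firefox prefs.js proxy host/port, in either DDS or OTL layout.
FF_HOST_RE = re.compile(r'network\.proxy\.http\s*[-:]\s*"?([\d.]+)"?')
FF_PORT_RE = re.compile(r"network\.proxy\.http_port\s*[-:]\s*(\d+)")

# Assumption of this example: a loopback proxy on a dynamic/ephemeral port
# (IANA range 49152+) with no proxy product installed is worth a closer look.
EPHEMERAL_PORT_START = 49152


@dataclass(frozen=True)
class Finding:
    kind: str    # "hosts", "proxy" or "firefox-proxy"
    detail: str


def normalize_host(name: str) -> str:
    """Strip the trailing dot DDS/OTL print and lower-case the name."""
    return name.rstrip(".").lower()


def classify_hosts_entry(ip_text: str, host: str):
    """Return a reason string if a hosts entry looks like a hijack, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return f"unparseable address {ip_text!r}"
    name = normalize_host(host)
    if name == "localhost":
        return None if ip.is_loopback else f"localhost mapped to {ip}"
    # Ad/tracker block lists map names to 127.0.0.1 or 0.0.0.0; that is benign.
    if ip.is_loopback or ip.is_unspecified:
        return None
    if ip.is_global:
        return f"{name} redirected to public address {ip}"
    return f"{name} mapped to non-loopback address {ip}"


def classify_proxy(ip_text: str, port: int):
    """Flag a loopback HTTP proxy sitting on an ephemeral port."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback and port >= EPHEMERAL_PORT_START:
        return f"loopback proxy on ephemeral port {port}"
    return None


def scan_log(text: str):
    """Walk DDS/OTL-style lines and collect hosts and proxy findings."""
    findings = []
    ff_host = ff_port = None
    for line in text.splitlines():
        line = line.strip()
        if m := HOSTS_RE.match(line):
            if reason := classify_hosts_entry(m.group(1), m.group(2)):
                findings.append(Finding("hosts", reason))
        elif m := PROXY_RE.search(line):
            if reason := classify_proxy(m.group(1), int(m.group(2))):
                findings.append(Finding("proxy", reason))
        elif m := FF_HOST_RE.search(line):
            ff_host = m.group(1)
        elif m := FF_PORT_RE.search(line):
            ff_port = int(m.group(1))
    # Firefox splits host and port over two prefs; judge them together.
    if ff_host and ff_port:
        if reason := classify_proxy(ff_host, ff_port):
            findings.append(Finding("firefox-proxy", reason))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run on the sample it reports every analytics/ad hostname that is pointed at a public address and each loopback proxy on a high port; `network.proxy.type - 0` is kept in the sample to show that a stale proxy host/port is still flagged even when Firefox currently has proxying switched off, since a later flip of that single pref re-enables it.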

  3. #3
    Junior Member
    Join Date
    Jul 2012
    Posts
    21


    Sorry about that ken545, I misunderstood the aswMBR "don't run fixes" as "don't run scans" until asked.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-02 14:55:54
    -----------------------------
    14:55:54.099 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:55:54.099 Number of processors: 8 586 0x2A07
    14:55:54.099 ComputerName: X UserName:
    14:55:54.458 Initialize success
    14:57:02.425 AVAST engine defs: 12080201
    14:58:05.961 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:58:05.961 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
    14:58:05.961 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
    14:58:05.961 Disk 1 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
    14:58:05.977 Disk 0 MBR read successfully
    14:58:05.977 Disk 0 MBR scan
    14:58:05.977 Disk 0 Windows 7 default MBR code
    14:58:05.977 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
    14:58:05.992 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73076 MB offset 64260
    14:58:06.024 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3176 MB offset 149725800
    14:58:06.070 Disk 0 scanning C:\Windows\system32\drivers
    14:58:16.210 Service scanning
    14:58:38.440 Modules scanning
    14:58:38.440 Disk 0 trace - called modules:
    14:58:38.456 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:58:38.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a5b790]
    14:58:38.456 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800786d520]
    14:58:38.472 5 ACPI.sys[fffff88000fb17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800784f060]
    14:58:38.862 AVAST engine scan C:\Windows
    14:58:40.765 AVAST engine scan C:\Windows\system32
    14:58:51.747 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
    15:00:25.060 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
    15:00:27.556 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
    15:01:11.377 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:Downloader-PKU [Trj]
    15:01:11.689 AVAST engine scan C:\Windows\system32\drivers
    15:01:23.170 AVAST engine scan C:\Users\User
    15:04:28.857 AVAST engine scan C:\ProgramData
    15:05:53.129 Scan finished successfully
    15:06:24.344 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    15:06:24.344 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

  4. #4
    Junior Member
    Join Date
    Jul 2012
    Posts
    21

    OTL.txt and Extras.txt

    OTL logfile created on: 8/2/2012 3:16:29 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\User\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 6.77 Gb Available Physical Memory | 85.53% Memory free
    15.84 Gb Paging File | 14.71 Gb Available in Paging File | 92.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 71.36 Gb Total Space | 11.75 Gb Free Space | 16.46% Space Free | Partition Type: NTFS
    Drive D: | 462.40 Gb Total Space | 262.23 Gb Free Space | 56.71% Space Free | Partition Type: NTFS

    Computer Name: X | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Windows\Temp\FP_AX_CAB_INSTALLER.exe (Adobe Systems Incorporated)
    PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55576


    IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 08 C7 CE 3F 93 CC 01 [binary data]
    IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63475

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 63475
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 16:07:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/10/25 13:02:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
    [2012/01/19 00:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/26 16:07:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/26 16:07:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/26 16:07:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    O1 HOSTS File: ([2012/01/20 14:50:14 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 188.119.151.113 www.google-analytics.com.
    O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net.
    O1 - Hosts: 188.119.151.113 www.statcounter.com.
    O1 - Hosts: 69.72.252.254 www.google-analytics.com.
    O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    O1 - Hosts: 69.72.252.254 www.statcounter.com.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    F3:64bit: - HKU\S-1-5-19 WinNT: Load - (C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe) - File not found
    F3 - HKU\S-1-5-19 WinNT: Load - (C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe) - File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9BBE345-E75A-482D-B4C0-7AD3A469C10B}: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9BBE345-E75A-482D-B4C0-7AD3A469C10B}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKU\S-1-5-19 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-19 Winlogon: Shell - (C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\F8B20\55CB6.exe) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{2dd2a1c4-ff3f-11e0-baac-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2dd2a1c4-ff3f-11e0-baac-806e6f6e6963}\Shell\AutoRun\command - "" = E:\KingVideoPlayer.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/02 14:53:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/07/30 21:06:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/07/30 21:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/07/30 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/07/30 21:00:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/30 21:00:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\User\Desktop\erunt-setup.exe
    [2012/07/30 20:36:22 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/30 20:34:55 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/26 00:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2012/07/26 00:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/08/02 15:06:24 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
    [2012/08/02 14:54:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/08/02 14:54:10 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/02 14:54:10 | 000,018,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/02 14:48:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/02 14:48:51 | 2082,349,055 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/02 02:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413128680-2735381842-1444654988-1000UA.job
    [2012/08/01 19:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2413128680-2735381842-1444654988-1000Core.job
    [2012/08/01 08:56:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/07/30 21:58:05 | 000,049,879 | ---- | M] () -- C:\Users\User\Desktop\Untitled.wma
    [2012/07/30 21:30:19 | 000,000,170 | ---- | M] () -- C:\Users\User\Desktop\- .rtf
    [2012/07/30 21:18:12 | 000,002,754 | ---- | M] () -- C:\Users\User\Desktop\Attach.zip
    [2012/07/30 21:00:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/30 21:00:07 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\User\Desktop\erunt-setup.exe
    [2012/07/30 20:34:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/30 20:23:24 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\TDSSKiller.exe
    [2012/07/30 18:45:31 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2037/11/30 02:43:57 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000000.@
    [2037/04/09 23:28:15 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000c0.@
    [2037/04/09 23:28:09 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cb.@
    [2037/04/09 23:27:51 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cf.@
    [2037/04/09 23:27:36 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000c0.@
    [2037/04/09 23:27:26 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cb.@
    [2037/04/09 23:27:17 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cf.@
    [2012/08/02 15:06:24 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
    [2012/08/01 08:56:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/07/30 21:58:05 | 000,049,879 | ---- | C] () -- C:\Users\User\Desktop\Untitled.wma
    [2012/07/30 21:18:12 | 000,002,754 | ---- | C] () -- C:\Users\User\Desktop\Attach.zip
    [2012/07/30 10:51:28 | 000,092,672 | ---- | C] () -- C:\Windows\assembly\temp\U\80000032.@
    [2012/07/30 10:51:28 | 000,080,896 | ---- | C] () -- C:\Windows\assembly\temp\U\80000064.@
    [2012/07/26 00:48:34 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
    [2012/06/26 13:36:17 | 000,000,218 | ---- | C] () -- C:\Windows\assembly\temp\L\00000004.@
    [2012/06/25 02:36:09 | 000,001,536 | ---- | C] () -- C:\Windows\assembly\temp\U\00000001.@
    [2012/06/13 17:12:52 | 000,224,768 | ---- | C] () -- C:\Windows\assembly\temp\U\00000002.@
    [2012/03/30 09:18:01 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000004.@
    [2012/02/27 20:15:51 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/02/09 00:11:11 | 000,788,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/19 19:14:11 | 000,002,048 | -HS- | C] () -- C:\Windows\assembly\temp\@
    [2011/12/26 19:39:29 | 000,010,224 | -HS- | C] () -- C:\Users\User\AppData\Local\17672385l5n4
    [2011/12/26 19:39:29 | 000,010,224 | -HS- | C] () -- C:\ProgramData\17672385l5n4
    [2011/11/02 12:48:14 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\00000004.@
    [2011/11/01 20:52:30 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/10/25 13:25:10 | 000,007,601 | -H-- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg

    ========== LOP Check ==========

    [2012/02/09 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\2006C
    [2012/05/26 10:45:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
    [2012/02/18 01:03:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\F8B20
    [2011/12/09 22:11:52 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\flightgear.org
    [2011/12/09 21:37:12 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\fltk.org
    [2012/01/18 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\King Schools
    [2011/10/25 17:17:58 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\LolClient
    [2012/05/23 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
    [2012/08/02 01:40:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mumble
    [2011/12/09 22:06:50 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Subversion
    [2012/06/16 01:59:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
    [2012/02/07 01:33:04 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2012/06/17 06:48:27 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point

    < End of report >

    — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — - — -

    OTL Extras logfile created on: 8/2/2012 3:16:29 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\User\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.92 Gb Total Physical Memory | 6.77 Gb Available Physical Memory | 85.53% Memory free
    15.84 Gb Paging File | 14.71 Gb Available in Paging File | 92.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 71.36 Gb Total Space | 11.75 Gb Free Space | 16.46% Space Free | Partition Type: NTFS
    Drive D: | 462.40 Gb Total Space | 262.23 Gb Free Space | 56.71% Space Free | Partition Type: NTFS

    Computer Name: X | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-2413128680-2735381842-1444654988-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09394E2F-9482-40D2-AF77-8578EABE6E28}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{111CBF57-1054-4699-8DE0-DE505C17EAE8}" = lport=58258 | protocol=17 | dir=in | name=pando media booster |
    "{161DD9A5-0313-422C-9BD9-FB63B33BB09E}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1C3F5A88-2315-4C06-BAF3-EA4D9A5831C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1EB9FCD4-BB70-43D2-9887-1F8F4DF67296}" = lport=58258 | protocol=6 | dir=in | name=pando media booster |
    "{22DB2BCB-D90E-43AB-9EB3-DA8DC434B4F8}" = lport=58258 | protocol=6 | dir=in | name=pando media booster |
    "{2F360896-41DB-4167-B8F1-DB83C41419C3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{395F5C18-8B94-4E23-A66D-0F7A0EC09052}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4AFCE7A7-3ED7-405D-BE2D-B36C9AF76676}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{58E67A09-246F-483D-AC6A-35E6B9BEE60E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5EA8A834-6268-41FB-BE5B-D586A5AA33B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6C9484CF-C7B2-4CFB-A18C-F2328DD3205F}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{70FED018-8409-48FB-95D8-A473C22BFDDA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{74AA49A3-DFBE-4D8B-A9ED-03F9FB24ACB9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{79015AE3-7829-455C-BCE0-0B9209336A54}" = lport=58258 | protocol=17 | dir=in | name=pando media booster |
    "{7E7F8B26-62B1-4B89-BE5E-FE3F1813D52E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{84035D9A-055E-4F21-9021-AAE4B81B3DC7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{974D78B4-8173-43BE-B056-40E8105A180F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9F3BEE03-8408-40F9-98A3-04B481D1F1F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A514A437-EF38-426B-883F-26D78F9FC3A6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B92F4EB3-355E-4DB6-A895-B62479B77DFF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C34C9D85-0212-4678-AA6D-2EBFE225BD9D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D29F1747-65DF-4FF7-9267-08F02C456927}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D85FA7C7-3A43-47E3-A619-FCFAB823F52B}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F7D7EDEB-0934-4297-815C-C486A999E1E7}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0063E821-85A2-48CD-B80B-6E51416B3D72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{01C910CD-A215-4641-AFB7-AF9938124DE7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{04FC7008-87A3-4D3E-943E-26A6FBFAEE9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{0F6877F0-8EDF-4E00-B60A-1B96E579EA3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1608B276-23AF-47B7-BBCD-6935A2CC7C3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{183E3271-0280-41DD-9797-F233907FF6D2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1C543302-697D-4F5D-80A9-391E2C4EC73F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{22E263A5-D362-432D-B51E-5F2EAF4810EF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{25BBB851-8A98-4EA6-8356-66E7FBE0BF92}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{31BDE90C-2C43-42A0-A8CD-FD4B7C7E56E5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{340AE53F-0F07-4FEE-A612-0E712A951312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4844845B-6584-469E-A587-498E2D1CAC7B}" = protocol=6 | dir=out | app=system |
    "{4E16112F-C943-412F-8669-7EC45D8ECE95}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{4F7A6E5E-FE90-4CB1-9E5B-35B445888C60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5C68BDFD-DDE3-44DC-B42A-084D87544711}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{5FEC65D5-8CAF-4698-B2A7-0137D54F4EF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6B628FA6-F18E-4E2B-8D51-7659095EC8EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7A64844B-8089-4C98-8B7E-7CECE77AFA45}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{80F39FA2-BB63-4B6E-B5CF-98DF0C1C557E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{821416E8-BB01-4B56-A3F4-B9DBFAE1DE79}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{870F10FC-E4C9-4BE9-B5D4-D03B09995D3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{957667F3-6A1B-417D-948A-A9558582B8C9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{A0E1F4CB-A510-45F7-9A59-4EAE1951820F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{A2F15E8D-5196-465C-82F4-E67A0F41F926}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B13B4E1F-AF96-47AE-A126-EABBCE6D304A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B55C690C-E59E-4333-94CA-89A9EC9E29F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{BB6B05BF-834F-483F-A82E-65A52F84AE87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C8C6ABDB-2410-4898-85B9-2E667F0C5A3D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CB8C86BC-DC6E-4B33-A761-E9305C943A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{D6C506DA-0E1D-49E1-A4A8-6E37DF4349B3}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{D7C16531-0A7E-487F-BB39-2217575C0BD2}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{D8A0FBA2-2755-4E67-8860-D4A3871F15B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{E3CE1886-824A-4E8D-A356-7FFB44C78B68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F348226D-042C-4F08-9BE4-BDCE3A151250}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F636B83B-1654-4E7D-B4C1-AE3AD919CBEE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "TCP Query User{93B1C9DF-7FB1-44D1-8B66-84826854E7C3}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
    "UDP Query User{7B8014F8-AB97-4B52-AABF-03259152AA53}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.44
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.44
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.44
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Audacity_is1" = Audacity 2.0
    "Cessna Multimedia Version 6.0" = Cessna Multimedia Version 6.0
    "ERUNT_is1" = ERUNT 1.1j
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Steam App 550" = Left 4 Dead 2
    "uTorrent" = µTorrent

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Smad" = SanctionedMedia

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Smad" = SanctionedMedia

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ACFinder" = SancMedia

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2413128680-2735381842-1444654988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/26/2012 11:07:53 PM | Computer Name = X | Source = Application Hang | ID = 1002
    Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ff0 Start
    Time: 01cd6ba4facb50ad Termination Time: 1 Application Path: C:\Users\User\Desktop\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe

    Report
    Id: 3dd5bf05-d798-11e1-9edb-50e54955cb63

    Error - 7/26/2012 11:08:11 PM | Computer Name = X | Source = Application Hang | ID = 1002
    Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: afc Start
    Time: 01cd6ba5081f6023 Termination Time: 0 Application Path: C:\Users\User\Desktop\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe

    Report
    Id: 4af2df2d-d798-11e1-9edb-50e54955cb63

    Error - 7/26/2012 11:10:07 PM | Computer Name = X | Source = Application Hang | ID = 1002
    Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 694 Start
    Time: 01cd6ba54ee6d9c3 Termination Time: 1 Application Path: C:\Users\User\Desktop\Downloads\LOLPBE(1)\LOLPBE\RADS\system\rads_user_kernel.exe

    Report
    Id: 90922826-d798-11e1-9edb-50e54955cb63

    Error - 7/26/2012 11:18:17 PM | Computer Name = X | Source = Application Hang | ID = 1002
    Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ffc Start
    Time: 01cd6ba661cdaa17 Termination Time: 1 Application Path: C:\Users\User\Desktop\Downloads\LOLPBE\RADS\system\rads_user_kernel.exe

    Report
    Id: b4317558-d799-11e1-9edb-50e54955cb63

    Error - 7/26/2012 11:18:49 PM | Computer Name = X | Source = Application Hang | ID = 1002
    Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: f90 Start
    Time: 01cd6ba67c30337e Termination Time: 1 Application Path: C:\Users\User\Desktop\Downloads\LOLPBE\RADS\system\rads_user_kernel.exe

    Report
    Id: c77d29dc-d799-11e1-9edb-50e54955cb63

    Error - 7/27/2012 4:39:44 AM | Computer Name = X | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 7/31/2012 12:54:01 AM | Computer Name = X | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 7/31/2012 2:22:32 AM | Computer Name = X | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 8/1/2012 6:12:08 PM | Computer Name = X | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 10.0.2.4428 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 954 Start
    Time: 01cd70241153772a Termination Time: 47 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: ed893f7b-dc25-11e1-8b32-50e54955cb63

    Error - 8/1/2012 10:50:26 PM | Computer Name = X | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 6/21/2012 12:39:59 PM | Computer Name = X | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 6/21/2012 12:40:00 PM | Computer Name = X | Source = PNRPSvc | ID = 102
    Description =

    Error - 6/21/2012 12:40:01 PM | Computer Name = X | Source = PNRPSvc | ID = 102
    Description =

    Error - 6/21/2012 12:40:00 PM | Computer Name = X | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%5

    Error - 6/21/2012 12:40:00 PM | Computer Name = X | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%5

    Error - 6/21/2012 12:40:00 PM | Computer Name = X | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 6/21/2012 12:40:01 PM | Computer Name = X | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%5

    Error - 6/21/2012 12:40:01 PM | Computer Name = X | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%5

    Error - 6/21/2012 12:40:26 PM | Computer Name = X | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 6/21/2012 12:40:27 PM | Computer Name = X | Source = WMPNetworkSvc | ID = 866314
    Description =


    < End of report >

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You have some serious issues going on virus-wise



    Re-Run aswMBR

    Click Scan

    On completion of the scan

    Click the Fix Button NOT FIX MBR

    Save the log as before and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Junior Member
    Join Date
    Jul 2012
    Posts
    21

    Default aswMBR scan, fix, and scanned again after the reboot.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-03 02:47:58
    -----------------------------
    02:47:58.403 OS Version: Windows x64 6.1.7601 Service Pack 1
    02:47:58.403 Number of processors: 8 586 0x2A07
    02:47:58.403 ComputerName: X UserName:
    02:47:58.668 Initialize success
    02:48:02.771 AVAST engine defs: 12080201
    02:48:12.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    02:48:12.459 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
    02:48:12.459 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
    02:48:12.459 Disk 1 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
    02:48:12.475 Disk 0 MBR read successfully
    02:48:12.475 Disk 0 MBR scan
    02:48:12.475 Disk 0 Windows 7 default MBR code
    02:48:12.475 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
    02:48:12.490 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73076 MB offset 64260
    02:48:12.521 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3176 MB offset 149725800
    02:48:12.568 Disk 0 scanning C:\Windows\system32\drivers
    02:48:22.490 Service scanning
    02:48:44.163 Modules scanning
    02:48:44.163 Disk 0 trace - called modules:
    02:48:44.178 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
    02:48:44.178 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a43790]
    02:48:44.194 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800784b520]
    02:48:44.194 5 ACPI.sys[fffff88000ee57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007830060]
    02:48:44.459 AVAST engine scan C:\Windows
    02:48:47.345 AVAST engine scan C:\Windows\system32
    02:51:21.879 AVAST engine scan C:\Windows\system32\drivers
    02:51:33.563 AVAST engine scan C:\Users\User
    02:55:15.988 AVAST engine scan C:\ProgramData
    02:57:10.164 Scan finished successfully
    02:58:41.503 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    02:58:41.519 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR2.txt"

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good, looks like you're infected with the ZeroAccess Rootkit, there is more to remove


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162
      IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55576
      IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63475
      FF - prefs.js..network.proxy.http_port: 63475
      F3:64bit: - HKU\S-1-5-19 WinNT: Load - (C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe) - File not found
      F3 - HKU\S-1-5-19 WinNT: Load - (C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe) - File not found
      [2037/11/30 02:43:57 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000000.@
      [2037/04/09 23:28:15 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000c0.@
      [2037/04/09 23:28:09 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cb.@
      [2037/04/09 23:27:51 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cf.@
      [2037/04/09 23:27:36 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000c0.@
      [2037/04/09 23:27:26 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cb.@
      [2037/04/09 23:27:17 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cf.@
      [2012/07/30 10:51:28 | 000,092,672 | ---- | C] () -- C:\Windows\assembly\temp\U\80000032.@
      [2012/07/30 10:51:28 | 000,080,896 | ---- | C] () -- C:\Windows\assembly\temp\U\80000064.@
      [2012/06/26 13:36:17 | 000,000,218 | ---- | C] () -- C:\Windows\assembly\temp\L\00000004.@
      [2012/06/25 02:36:09 | 000,001,536 | ---- | C] () -- C:\Windows\assembly\temp\U\00000001.@
      [2012/06/13 17:12:52 | 000,224,768 | ---- | C] () -- C:\Windows\assembly\temp\U\00000002.@
      [2012/03/30 09:18:01 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000004.@
      [2011/11/02 12:48:14 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\00000004.@
      [2012/06/16 01:59:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
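    Added example, not part of this thread and not OTL's own code: a read-only PowerShell audit that checks the same four things the OTL fix above removes (loopback proxy values in every HKU hive, the WinNT "Load" value, Firefox's proxy prefs, and the ".@" files under assembly\temp), so a second machine can be checked for the same pattern before or after a fix. It assumes Windows 7 or later, the PowerShell 2.0 that ships with Windows 7, and an elevated session; the user-profile path under Users\* and the 2037 timestamps are taken from the fix list in this thread.

```powershell
# Added example, not part of the thread: a read-only audit of the settings the OTL fix above targets.
# Assumes Windows 7 or later and an elevated PowerShell session (the HKU hives of SYSTEM, LOCAL SERVICE
# and other users are not readable from a normal prompt). Nothing here changes the system.

if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# ArrayList is mutated in place, so Add-Finding works from inside the function scope.
$findings = New-Object System.Collections.ArrayList
function Add-Finding($where, $check, $value) {
    [void]$findings.Add((New-Object PSObject -Property @{ Where = $where; Check = $check; Value = $value }))
}

foreach ($hive in Get-ChildItem -Path HKU:\) {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes') { continue }   # per-user COM registration hives, no Internet Settings there

    # 1. WinInet proxy. A proxy on 127.0.0.1 with a random high port, set in hives that never browse
    #    (S-1-5-18 is SYSTEM, S-1-5-19 is LOCAL SERVICE), is the pattern in the fix list above.
    $inet = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    if (Test-Path -Path $inet) {
        $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
        if ($p.ProxyServer -and ($p.ProxyServer -match '127\.0\.0\.1|localhost')) {
            Add-Finding $sid 'loopback ProxyServer' ("{0} (ProxyEnable={1})" -f $p.ProxyServer, $p.ProxyEnable)
        }
    }

    # 2. The legacy Load value under Windows NT\CurrentVersion\Windows starts a program at logon
    #    and is empty on a clean system; the fix list removed one pointing at lvvm.exe.
    $winnt = "HKU:\$sid\Software\Microsoft\Windows NT\CurrentVersion\Windows"
    if (Test-Path -Path $winnt) {
        $load = (Get-ItemProperty -Path $winnt -ErrorAction SilentlyContinue).Load
        if ($load) { Add-Finding $sid 'WinNT Load value' $load }
    }
}

# 3. Firefox keeps its own proxy settings in prefs.js; the fix cleared network.proxy.http_port.
$prefsFiles = Get-ChildItem -Path "$env:SystemDrive\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\*\prefs.js" -Force -ErrorAction SilentlyContinue
foreach ($f in $prefsFiles) {
    foreach ($m in Select-String -Path $f.FullName -Pattern 'network\.proxy\.(http|http_port|type)"') {
        Add-Finding $f.FullName 'Firefox proxy pref' $m.Line.Trim()
    }
}

# 4. The file list in the fix sits under %SystemRoot%\assembly\temp\U and \L with a ".@" extension;
#    several carry timestamps in 2037, which no normal file should have.
$asmTemp = Join-Path $env:SystemRoot 'assembly\temp'
if (Test-Path -Path $asmTemp) {
    foreach ($f in Get-ChildItem -Path $asmTemp -Recurse -Force -ErrorAction SilentlyContinue) {
        if ($f.PSIsContainer) { continue }
        $flag = if ($f.LastWriteTime -gt (Get-Date)) { 'future timestamp' } else { 'present' }
        if ($f.Name -like '*.@' -or $flag -eq 'future timestamp') {
            Add-Finding $f.FullName "assembly\temp file, $flag" $f.Length
        }
    }
}

if ($findings.Count -eq 0) {
    'Clean: no loopback proxy, Load value, Firefox proxy pref or assembly\temp .@ file found.'
} else {
    $findings | Format-Table -Property Where, Check, Value -AutoSize -Wrap
}
```

    Save it as Audit-Proxy.ps1 and run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File .\Audit-Proxy.ps1`. Run it once before the fix to confirm the findings match the OTL list, and again after the reboot: any loopback proxy or Load value that comes back is a sign the component that wrote them is still running.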

  8. #8
    Junior Member
    Join Date
    Jul 2012
    Posts
    21

    Default OTL code fix attempt

    Alright ken545, thanks for your help so far, I think identifying the issue(s) is half the battle. :)

    I ran this code as directed but it gets hung up at [resethosts] with an error message window that says something along the lines of "Error: Cannot create file C:\Windows\System32\drivers\etc\Hosts" and "Resetting HOSTS file. DO NOT INTERRUPT..." at the bottom.

    This may be in line with the issues I'd had trying to edit the hosts file running as admin, in safe mode, logged in as Administrator, trying to change permissions, etc. Something is denying me access/powers to edit or delete that file.
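    Added example, not from this thread: a PowerShell script that reports why a hosts file refuses to be edited or replaced, which is the failure described in the post above. It prints the ACL of the etc folder and of the file, the owner, the file attributes, whether "hosts" is actually a directory, and the active (non-comment) entries. With the `-Repair` switch it reclaims the file using the built-in takeown, icacls and attrib tools. It assumes Windows 7 or later, PowerShell 2.0 or newer, and an elevated prompt; the file path is the standard Windows location, and the `-Repair` switch name is this example's own.

```powershell
# Added example, not part of the thread: report why the hosts file cannot be edited or replaced.
# Assumes Windows 7 or later, run from an elevated PowerShell prompt. Without -Repair it only reports;
# with -Repair it backs the file up, then resets ownership, ACL and attributes with built-in tools.
param([switch]$Repair)

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$etcDir    = Split-Path -Parent $hostsPath

function Show-Acl($path) {
    $acl = Get-Acl -Path $path
    "  Owner: $($acl.Owner)"   # expected: NT SERVICE\TrustedInstaller or BUILTIN\Administrators
    foreach ($ace in $acl.Access) {
        "  {0,-5} {1,-40} {2}" -f $ace.AccessControlType, $ace.IdentityReference, $ace.FileSystemRights
    }
    $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
    if ($deny.Count -gt 0) {
        "  WARNING: $($deny.Count) explicit Deny entries; Deny wins over Allow, so these block edits even for admins"
    }
}

# A write that fails with "Cannot create file" can be refused by the folder, not just the file.
"== Directory: $etcDir"
Show-Acl $etcDir

# -Force is required: a file marked Hidden or System is invisible to a plain Get-Item,
# and Set-Content/Out-File fail on such a file with "access denied" even for an administrator.
$item = Get-Item -LiteralPath $hostsPath -Force -ErrorAction SilentlyContinue
if (-not $item) {
    "== hosts file is missing; a 'Cannot create file' error then comes from the directory ACL above"
} else {
    "== File: $hostsPath"
    if ($item.PSIsContainer) { "  WARNING: 'hosts' is a directory, not a file; no file can be created over it" }
    "  Attributes: $($item.Attributes)"   # ReadOnly, Hidden, System or ReparsePoint each block a normal overwrite
    "  Modified:   $($item.LastWriteTime)"
    Show-Acl $hostsPath
    if (-not $item.PSIsContainer) {
        "  Active entries (anything beyond 127.0.0.1 / ::1 localhost deserves a look):"
        foreach ($line in Get-Content -LiteralPath $hostsPath -Force) {
            if ($line -match '^\s*[^#\s]') { "    $line" }
        }
    }
}

if ($Repair -and $item -and -not $item.PSIsContainer) {
    # Reclaim the file: keep a copy, take ownership, reset the ACL to the inherited default,
    # then clear the attributes that prevent overwriting.
    Copy-Item -LiteralPath $hostsPath -Destination "$hostsPath.bak" -Force
    & takeown.exe /F $hostsPath | Out-Null
    & icacls.exe $hostsPath /reset | Out-Null
    & attrib.exe -R -H -S $hostsPath
    "Ownership, ACL and attributes reset; run again without -Repair to verify before retrying the hosts reset."
}
```

    Run it as `powershell -ExecutionPolicy Bypass -File .\Inspect-Hosts.ps1` from an elevated prompt. If the report shows a Deny entry, an unexpected owner, or the Hidden/System attributes, that alone explains the failed edits; if the report looks normal and the write still fails, something running on the box is holding or re-protecting the file, which is why the helper's advice to finish the rootkit removal first is the right order.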

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's omit the hosts file entry and run the script, and we can deal with that in a bit

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162
      IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55576
      IE - HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63475
      FF - prefs.js..network.proxy.http_port: 63475
      F3:64bit: - HKU\S-1-5-19 WinNT: Load - (C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe) - File not found
      F3 - HKU\S-1-5-19 WinNT: Load - (C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe) - File not found
      [2037/11/30 02:43:57 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000000.@
      [2037/04/09 23:28:15 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000c0.@
      [2037/04/09 23:28:09 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cb.@
      [2037/04/09 23:27:51 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cf.@
      [2037/04/09 23:27:36 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000c0.@
      [2037/04/09 23:27:26 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cb.@
      [2037/04/09 23:27:17 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cf.@
      [2012/07/30 10:51:28 | 000,092,672 | ---- | C] () -- C:\Windows\assembly\temp\U\80000032.@
      [2012/07/30 10:51:28 | 000,080,896 | ---- | C] () -- C:\Windows\assembly\temp\U\80000064.@
      [2012/06/26 13:36:17 | 000,000,218 | ---- | C] () -- C:\Windows\assembly\temp\L\00000004.@
      [2012/06/25 02:36:09 | 000,001,536 | ---- | C] () -- C:\Windows\assembly\temp\U\00000001.@
      [2012/06/13 17:12:52 | 000,224,768 | ---- | C] () -- C:\Windows\assembly\temp\U\00000002.@
      [2012/03/30 09:18:01 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000004.@
      [2011/11/02 12:48:14 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\00000004.@
      [2012/06/16 01:59:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces

  10. #10
    Junior Member
    Join Date
    Jul 2012
    Posts
    21

    Default

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-2413128680-2735381842-1444654988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: 63475 removed from network.proxy.http_port
    64bit-Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\2006C\lvvm.exe deleted successfully.
    File C:\Windows\assembly\temp\U\80000000.@ not found.
    File C:\Windows\assembly\temp\U\000000c0.@ not found.
    File C:\Windows\assembly\temp\U\000000cb.@ not found.
    File C:\Windows\assembly\temp\U\000000cf.@ not found.
    File C:\Windows\assembly\temp\U\800000c0.@ not found.
    File C:\Windows\assembly\temp\U\800000cb.@ not found.
    File C:\Windows\assembly\temp\U\800000cf.@ not found.
    File C:\Windows\assembly\temp\U\80000032.@ not found.
    File C:\Windows\assembly\temp\U\80000064.@ not found.
    File C:\Windows\assembly\temp\L\00000004.@ not found.
    File C:\Windows\assembly\temp\U\00000001.@ not found.
    File C:\Windows\assembly\temp\U\00000002.@ not found.
    File C:\Windows\assembly\temp\U\80000004.@ not found.
    File C:\Windows\assembly\temp\U\00000004.@ not found.
    Folder C:\Users\User\AppData\Roaming\uTorrent\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\User\Desktop\cmd.bat deleted successfully.
    C:\Users\User\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: User
    ->Temp folder emptied: 63074333 bytes
    ->Temporary Internet Files folder emptied: 1020648 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 91899634 bytes
    ->Google Chrome cache emptied: 9670777 bytes
    ->Flash cache emptied: 1790 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 156320 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1533494971 bytes

    Total Files Cleaned = 1,621.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08032012_163423

    Files\Folders moved on Reboot...
    C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
